Runtime security middleware for A2A agents

Project description

CapiscIO A2A Security

Runtime security middleware for A2A (Agent-to-Agent) protocol agents

PyPI version License Python 3.10+

What is CapiscIO A2A Security?

CapiscIO A2A Security provides always-on runtime protection for agents using the A2A (Agent-to-Agent) protocol. It wraps your agent executor to validate incoming requests, verify signatures, and protect against malicious actors—all without requiring peer cooperation.

Key Features

  • Message validation - Schema and protocol compliance checking
  • Signature verification - JWS/JWKS cryptographic validation (RFC 7515)
  • Upstream protection - Validate agents you call
  • Downstream protection - Validate agents calling you
  • Rate limiting - Token bucket algorithm
  • Caching - Performance-optimized validation results
  • Three integration patterns - Minimal, explicit, or decorator

Installation

pip install capiscio-a2a-security

Quick Start

Pattern 1: Minimal (One-liner with Preset)

from capiscio_a2a_security import secure, SecurityConfig
from a2a.server.request_handlers import DefaultRequestHandler
from a2a.server.tasks import InMemoryTaskStore

# Wrap your agent with security (production defaults)
agent = secure(MyAgentExecutor(), SecurityConfig.production())

# Use in A2A request handler
handler = DefaultRequestHandler(
    agent_executor=agent,
    task_store=InMemoryTaskStore()
)

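# Access validation results (three-dimensional scoring).
# `await` needs an async context, so the check lives in a coroutine;
# card_url is the URL of the agent card you want to validate.
async def check_agent_card(card_url: str) -> None:
    result = await agent.validate_agent_card(card_url)
    print(result.compliance.total, result.trust.total, result.availability.total)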

Pattern 2: Granular Control

from capiscio_a2a_security import CapiscIOSecurityExecutor, SecurityConfig

# Start with a preset, customize what matters to you
config = SecurityConfig.production()
config.downstream.rate_limit_requests_per_minute = 100  # Higher rate limit
config.downstream.require_signatures = True             # Enforce signatures
config.upstream.test_endpoints = True                   # Test before calling
config.fail_mode = "monitor"                            # Log but don't block yet

secure_agent = CapiscIOSecurityExecutor(
    delegate=MyAgentExecutor(),
    config=config
)
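
The settings in Pattern 2 combine a token-bucket rate limit with a `fail_mode`. The block below is an added example, not CapiscIO's own code, showing how a per-caller token bucket behaves at 100 requests per minute and what changes between `"block"` and `"monitor"`. The `TokenBucket`, `DownstreamLimiter` and `simulate` names, the per-caller keying and the injected clock are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Holds up to `capacity` tokens, refilled continuously at `capacity` per 60 s."""
    capacity: int
    last: float                               # time of the previous refill, in seconds
    tokens: float = field(init=False)

    def __post_init__(self) -> None:
        self.tokens = float(self.capacity)    # start full, so an initial burst is allowed

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last)   # ignore a clock that steps backwards
        self.tokens = min(self.capacity, self.tokens + elapsed * self.capacity / 60.0)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True


class DownstreamLimiter:
    """One bucket per caller; `fail_mode` decides what an over-limit request gets."""

    def __init__(self, requests_per_minute: int, fail_mode: str = "block") -> None:
        self.rpm, self.fail_mode = requests_per_minute, fail_mode
        self.buckets: dict[str, TokenBucket] = {}
        self.violations: list[tuple[float, str]] = []

    def check(self, caller_id: str, now: float) -> bool:
        # Key buckets on an authenticated identity, not on a self-declared name.
        bucket = self.buckets.setdefault(caller_id, TokenBucket(self.rpm, now))
        if bucket.allow(now):
            return True
        self.violations.append((now, caller_id))   # recorded in every mode
        return self.fail_mode != "block"           # "monitor": log it, let it through


def simulate(fail_mode: str) -> tuple[int, bool, int, int]:
    """Constructed traffic: agent-a bursts 150 requests, then 60 more after 30 s."""
    limiter = DownstreamLimiter(100, fail_mode)
    burst = sum(limiter.check("agent-a", now=0.0) for _ in range(150))
    other = limiter.check("agent-b", now=0.0)      # separate bucket, unaffected
    later = sum(limiter.check("agent-a", now=30.0) for _ in range(60))
    return burst, other, later, len(limiter.violations)
```

In both modes the same 60 over-limit requests are recorded; only `"block"` turns them away, which is why a period in `"monitor"` shows what enforcement would reject before it is switched on.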

Pattern 3: Environment-Driven (12-Factor App)

from capiscio_a2a_security import secure_agent, SecurityConfig
from a2a.server.agent_execution import AgentExecutor, RequestContext
from a2a.server.events import EventQueue
from a2a.server.request_handlers import DefaultRequestHandler
from a2a.server.tasks import InMemoryTaskStore

@secure_agent(config=SecurityConfig.from_env())
class MyAgentExecutor(AgentExecutor):
    async def execute(self, context: RequestContext, event_queue: EventQueue):
        # Your agent logic - config loaded from env vars
        pass

# Already secured - use directly!
handler = DefaultRequestHandler(
    agent_executor=MyAgentExecutor(),
    task_store=InMemoryTaskStore()
)

All 16 configuration options are documented in the Configuration Guide.

Why CapiscIO?

The Problem

When building A2A agents, you face security risks from:

  • Malicious downstream agents sending invalid/malicious requests
  • Broken upstream dependencies with invalid agent cards
  • Protocol violations causing runtime failures
  • Missing signatures with no authenticity verification

The Solution

CapiscIO wraps your agent executor and provides:

  1. Downstream Protection - Validates all incoming requests
  2. Upstream Protection - Validates agents you call
  3. Always-On - Works without peer cooperation
  4. Performance - Caching and parallel validation
  5. Three-Dimensional Scoring - Compliance, trust, and availability insights

Configuration

Presets

# Development - Permissive, verbose logging
SecurityConfig.development()

# Production - Balanced (default)
SecurityConfig.production()

# Strict - Maximum security
SecurityConfig.strict()

# From environment variables
SecurityConfig.from_env()

Custom Configuration

from capiscio_a2a_security import SecurityConfig, DownstreamConfig, UpstreamConfig

config = SecurityConfig(
    downstream=DownstreamConfig(
        validate_schema=True,
        verify_signatures=True,
        require_signatures=False,
        enable_rate_limiting=True,
        rate_limit_requests_per_minute=100
    ),
    upstream=UpstreamConfig(
        validate_agent_cards=True,
        verify_signatures=True,
        cache_validation=True,
        cache_timeout=3600  # seconds
    ),
    fail_mode="block",  # "block" | "monitor" | "log"
    timeout_ms=5000
)
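
The custom configuration above sets `verify_signatures=True` together with `require_signatures=False`. The block below is an added example, not CapiscIO's own code, of compact JWS verification (RFC 7515) against a JWKS and of how those two flags could interact. The flag semantics in `admit`, the helper names and the sample key are assumptions, and HS256 with an `oct` key stands in for the asymmetric algorithms a published JWKS normally carries, so that the block runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}  # fixed allow-list; the token's own "alg" is never trusted

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jws(payload: dict, key: bytes, kid: str, alg: str = "HS256") -> str:
    """Build a compact JWS (header.payload.signature) for the constructed samples."""
    head = b64u(json.dumps({"alg": alg, "kid": kid}).encode())
    body = b64u(json.dumps(payload).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(mac)}"

def verify_jws(token: str, jwks: dict) -> dict:
    """Return the payload of a valid compact JWS, else raise ValueError."""
    head, body, sig = token.split(".")              # wrong part count -> ValueError
    header = json.loads(unb64u(head))
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")   # covers "none" and unknown algs
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None or key.get("kty") != "oct":
        raise ValueError("no usable key for this kid in the JWKS")
    expected = hmac.new(unb64u(key["k"]), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, unb64u(sig)):   # constant-time comparison
        raise ValueError("signature mismatch")
    return json.loads(unb64u(body))

def admit(token, jwks, verify_signatures=True, require_signatures=False) -> bool:
    """Assumed semantics: verify = check a signature if present; require = reject if absent."""
    if token is None:
        return not require_signatures
    if not verify_signatures:
        return True
    try:
        verify_jws(token, jwks)
    except ValueError:
        return False
    return True

# Constructed sample key set and token (not real key material).
KEY = b"constructed-demo-key-32-bytes!!!"
JWKS = {"keys": [{"kty": "oct", "kid": "demo-1", "k": b64u(KEY)}]}
GOOD = sign_jws({"agent": "example-agent"}, KEY, "demo-1")
```

Under these assumed semantics, `admit(None, JWKS)` returns `True` while `require_signatures` is `False`, so signature checking only becomes a guarantee of authenticity once signatures are also required.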

Roadmap

  • V1.0 (Q4 2025) - Core middleware (this package)
  • V2.0 (Q2 2026) - Extension protocol (validation feedback)
  • V3.0 (Q3 2026) - Platform integration (trust network)
  • V4.0 (Q4 2026) - Enterprise features (policies, audit logs)

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

License

Apache License 2.0 - see LICENSE for details.

About A2A

The Agent-to-Agent (A2A) protocol is an open standard for agent interoperability, supported by Google and 50+ partners including Salesforce, ServiceNow, SAP, Intuit, and more. CapiscIO provides the security layer for production A2A deployments.

Download files

Source Distribution

capiscio_a2a_security-0.1.0.tar.gz (128.3 kB view details)

Uploaded Source

Built Distribution

capiscio_a2a_security-0.1.0-py3-none-any.whl (46.1 kB view details)

Uploaded Python 3

File details

Details for the file capiscio_a2a_security-0.1.0.tar.gz.

File metadata

  • Download URL: capiscio_a2a_security-0.1.0.tar.gz
  • Upload date:
  • Size: 128.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for capiscio_a2a_security-0.1.0.tar.gz
Algorithm Hash digest
SHA256 b5b289b314625f8fb05746b69184c4f985b68de8c664371d6f82e0b8a2f1fd36
MD5 51d4fb752785f110e38db399e6eddbb3
BLAKE2b-256 aa24195491c226c1ad32758671848c456994539710201fb8fce26d3361cbb809

Provenance

The following attestation bundles were made for capiscio_a2a_security-0.1.0.tar.gz:

Publisher: publish.yml on capiscio/a2a-security

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file capiscio_a2a_security-0.1.0-py3-none-any.whl.

File hashes

Hashes for capiscio_a2a_security-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 68c84a6619df970bd71a91ecbc3446f87ef8f74226d7741809ec41f73b1d717a
MD5 4c0adf002f75d69c72d5f13d5d28569a
BLAKE2b-256 5f1fa8cc1933039c9cc45deeaf6f5936980eada0b3693e9cec22d0a656f128ba

Provenance

The following attestation bundles were made for capiscio_a2a_security-0.1.0-py3-none-any.whl:

Publisher: publish.yml on capiscio/a2a-security
